(54) A method and apparatus for certification and safe storage of electronic documents

(57) An electronic document provided by a user is certified using cryptographic functions to create a document fingerprint which is then cryptographically signed together with a time stamp. The document which was certified is archived for safe deposit and later retrieval. The document fingerprint and time stamp are returned to the user as part of a document certificate. The document certificate can be used to verify the authenticity of copies of the original document and to establish the prior existence of the document. The filename of each document certificate can include a portion of the document fingerprint associated with an electronic document to enable a very efficient search of a set of document certificates to identify possible matches between document certificates and the electronic document being verified.
Description

BACKGROUND OF INVENTION

[0001] The present invention relates generally to the certification and safe storage of electronic documents. More specifically the present invention relates to the application of cryptographic methods to certify and preserve electronic documents for possible subsequent retrieval and for verification of the contents of the electronic documents.

[0002] Known systems and services apply cryptographic methods to electronic documents to verify the contents of the electronic documents as unchanged and to establish a time of certification. For example, Surety Technologies provides a service which allows the user to remotely apply a cryptographic hash function to a document to produce a document hash. The user then sends this document hash to a computer at Surety. Surety creates a superhash from all document hashes received within a given time interval, time stamps the hash, and returns the time stamp and hash to the user.

[0003] Another known service is a public PGP (pretty good privacy) digital time stamping service provided by I T Consultancy Limited. This service receives electronic documents from users and then applies cryptographic methods to produce a unique serial number, a time stamp and a cryptographic signature. The service maintains a log of the cryptographic signature, its serial number and its time stamp. A user can, for example, send an electronic document to the service where the document is time stamped and forwarded to an intended recipient who receives the document and its time stamp. The purpose of the service is to time stamp documents signed with PGP technology.

[0004] These known systems and services, however, cannot both certify an electronic document and preserve a copy of the document for subsequent verification and/or retrieval.

SUMMARY OF THE INVENTION 

[0005] An electronic document provided by a user is processed (i.e., certified) using cryptographic functions to create a document fingerprint which is then sealed (i.e., cryptographically signed) with a time stamp in a document certificate so that the document fingerprint and time stamp cannot be counterfeited. The original electronic document which was certified can be archived for safe deposit and later retrieval. The document certificate can be used with public cryptographic software and an appropriate public key to verify the authenticity of copies of the original electronic document and to establish the prior existence of the documents.

[0006] An electronic document is certified and preserved by applying a first cryptographic hash function to the electronic document to produce a document fingerprint. A second cryptographic hash function is applied to a document certificate, which includes the document fingerprint, a time stamp, and a serial number, to produce a document certificate fingerprint. The document certificate fingerprint is cryptographically signed to produce a digital signature. The electronic document is stored and a copy of the document certificate is sent to the user.

[0007] The filename of the document certificate can include at least a portion of the document fingerprint (contained within the document certificate) concatenated with at least a portion of the time stamp. This filename structure can enable an efficient search of document certificates, which can be resident on a user's machine, for the document certificate(s) associated with a given electronic document. Consequently, a user can search the filenames of the document certificates rather than their contents. The authentication process can use the document certificate whose document fingerprint contents match the fingerprint of the document being verified. When more than one document certificate is associated with an electronic document, the time stamp component of the document certificate filename indicates which of the document certificates is the more relevant.

BRIEF DESCRIPTION OF THE DRAWINGS

[0008] FIG. 1 illustrates a system block diagram of a communication system for performing certification and safe storage of electronic documents, according to an embodiment of the present invention.

[0009] FIG. 2 illustrates a method by which the server certifies and archives electronic documents, according to an embodiment of the present invention.

[0010] FIG. 3 illustrates a format for the serial number, according to an embodiment of the present invention.

[0011] FIG. 4 illustrates the process by which a user can authenticate the contents of a document certificate as having been unchanged since the time of certification to ensure the time of certification for the electronic document associated with the document certificate, according to an embodiment of the present invention.

[0012] FIG. 5 shows an output display indicating to the user the document certificates locally stored at the client, according to an embodiment of the present invention.

[0013] FIG. 6 illustrates a process by which a user can authenticate the contents of the electronic document as having been unchanged, according to an embodiment of the present invention.

[0014] FIG. 7 illustrates a process by which a user can authenticate the contents of the electronic document as having been unchanged, according to another embodiment of the present invention.

DETAILED DESCRIPTION 

[0015] FIG. 1 illustrates a system block diagram of a communication system for performing certification and safe storage of electronic documents, according to an embodiment of the present invention. Communication network 100 interconnects client computers 110, and server 120 connected to repository storage 130.

[0016] Client computer 110 comprises processor 111, computer readable memory 112, network port 113 for coupling to network 100, and a local storage 114. Processor 111, computer-readable memory 112, network port 113 and local storage 114 are interconnected. Memory 112 can store user application instructions for execution by processor 111 to verify the contents of an electronic document and to establish that it existed at some prior date (i.e., affirm the time stamp in its associated document certificate). Local storage 114 can store electronic documents and document certificates, the combination of which can be used to verify the contents of an electronic document and its associated time stamp included in the corresponding document certificate. The memory 112 and storage facility 114, although shown as separate elements, could take the form of a single device.

[0017] Server 120 is a network node that comprises processor 121, computer readable memory 122, repository storage interface port 123 for coupling to repository storage 130, and network port 124 for coupling to communication network 100. Processor 111, memory 112, repository storage interface port 123 and network port 124 are interconnected.

[0018] Memory 122 stores service instructions adapted to be executed by processor 121 to certify electronic documents received from the user at client 110 and to store the electronic documents and their corresponding document certificates for possible later retrieval. The certification process allows a user to later verify the contents of an electronic document and its corresponding document certificate (which includes the document fingerprint resulting from the certification process and data indicating the time that certification was performed) as being unchanged. Another embodiment of server 120 is a server on a corporate intranet that stores proprietary electronic documents.

[0019] Repository storage 130 is accessible by server 120 and stores the electronic documents certified by server 120 and possibly their corresponding document certificates. Rather than store the document certificates, it may be convenient to retain and store the separate fields of data comprising the certificate in a separate database. The electronic documents and document certificates stored in repository storage 130 can be retrieved by server 120 and forwarded to a user at client 110 to replace lost or inadvertently changed electronic documents and/or document certificates. As discussed more fully below, these electronic documents and/or document certificates can be used to verify the contents of copies of the electronic document which were certified and to establish the time stamp of certification. This verification can be performed by either the user who originated the document certification or any other party with a copy of this corresponding document certificate.

[0020] FIG. 2 illustrates a method by which the server certifies and archives electronic documents, according to an embodiment of the present invention. At step 200, server 120 receives an electronic document from client 110 through communication network 100. The electronic document sent by the client can be any type of binary file representing any type of information, such as video, audio, text, image, facsimile, multimedia or any combination of data, in any appropriate format. For example, the electronic document can be a spreadsheet, or some other form of database. The electronic document can be previously encrypted by the user at client 110 before being sent to server 120.

[0021] At step 210, server 120 applies a cryptographic hash function to the electronic document to produce a document fingerprint. The cryptographic hash function applied in step 210 can be any type of cryptographic hash function which exhibits the characteristics described below and which maps bit strings of arbitrary finite length into bit strings of fixed length. The output of such a cryptographic hash function is sometimes referred to as a fingerprint.

[0022] For example, a cryptographic hash function can be selected having the characteristics of collision resistance, preimage resistance and/or second-preimage resistance. Collision resistance indicates that it is computationally infeasible to find any two inputs (e.g., any two electronic documents) which hash to the same output (i.e., the same fingerprint). Preimage resistance indicates that for essentially any prespecified output, it is computationally infeasible to find any input which hashes to that output. In other words, where a fingerprint is pre-specified, it is very difficult (essentially impossible) to determine the contents of the electronic document which produced that fingerprint. A fingerprint produced by a cryptographic hash function of this class is considered irreversible. Finally, second-preimage resistance indicates that it is computationally infeasible to find any second input which has the same output as any specified input. In other words, where one electronic document is specified, it is very difficult (essentially impossible) to find another electronic document which produces the same fingerprint.

[0023] Manipulation detection codes (MDCs) can be used, such as the MD5 hash algorithm which produces a 128 bit (or 32 hex) length string. U.S. Patent No. 4,908,861, issued to Brachtl et al. on March 13, 1990, discloses the MD2 and MD4 hash algorithms and is incorporated by reference. To varying degrees, these MDCs exhibit the characteristics of collision resistance, preimage resistance and/or second-preimage resistance.

[0024] In alternative embodiments, a combination of cryptographic functions can be used. For example, the MD5 hash algorithm can be applied to an electronic document and the Secure Hash Algorithm (SHA-1) can be applied separately to the electronic document; the fingerprints or a portion thereof from each fingerprint can be combined to produce a composite fingerprint. Such a scheme allows the best characteristics of one cryptographic hash function to be combined with the best characteristics of another cryptographic hash function. In other words, the collision resistance and second preimage resistance characteristics of a collision resistant hash function, such as the MD5 hash algorithm, can be combined with the preimage resistance and the second preimage resistance characteristics of a one-way hash function, such as the SHA-1 hash algorithm.

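The fingerprint computation of step 210 and the composite MD5/SHA-1 fingerprint of paragraph [0024], written out as an added Python example (not code from the patent) using the standard hashlib module. The 16 + 16 hexadecimal split of the composite fingerprint and the sample document are assumptions chosen for this example. One caveat the patent predates: MD5 and SHA-1 are no longer collision resistant, so a service built today would pick a current hash such as SHA-256 for the document fingerprint; the structure of the scheme is unchanged.

```python
# Added example, not from the patent: document fingerprints as in step 210
# and the composite MD5/SHA-1 fingerprint described in paragraph [0024].
import hashlib


def md5_fingerprint(document: bytes) -> str:
    """MD5 fingerprint: 128 bits, rendered as 32 hexadecimal characters."""
    return hashlib.md5(document).hexdigest()


def sha1_fingerprint(document: bytes) -> str:
    """SHA-1 fingerprint: 160 bits, rendered as 40 hexadecimal characters."""
    return hashlib.sha1(document).hexdigest()


def composite_fingerprint(document: bytes,
                          md5_hex_chars: int = 16,
                          sha1_hex_chars: int = 16) -> str:
    """Combine a portion of the MD5 fingerprint with a portion of the SHA-1
    fingerprint, as paragraph [0024] describes.  The 16 + 16 split is an
    assumption for this example; the patent does not fix one."""
    return (md5_fingerprint(document)[:md5_hex_chars]
            + sha1_fingerprint(document)[:sha1_hex_chars])


def fingerprints_differ(doc_a: bytes, doc_b: bytes) -> bool:
    """What the verifier of FIG. 6 relies on: a changed copy, even by one
    byte, produces a different fingerprint and therefore fails the check."""
    return md5_fingerprint(doc_a) != md5_fingerprint(doc_b)


# Constructed sample document (not from the patent).
SAMPLE_DOCUMENT = b"Quarterly ledger, department 12, revision 3\n"

if __name__ == "__main__":
    print("MD5       ", md5_fingerprint(SAMPLE_DOCUMENT))
    print("SHA-1     ", sha1_fingerprint(SAMPLE_DOCUMENT))
    print("composite ", composite_fingerprint(SAMPLE_DOCUMENT))
    print("one-byte change detected:",
          fingerprints_differ(SAMPLE_DOCUMENT, SAMPLE_DOCUMENT[:-1] + b"!"))
```

The full 32 hexadecimal characters are what the comparison of step 620 uses; a shortened prefix (such as the eight characters placed in the serial number) is only a search key, never the authenticity check itself.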
[0025] At step 220, server 120 records a time stamp. This time stamp can be used in the future to determine when the certification method, generally described in reference to FIG. 2, was applied to the electronic document received in step 200. Note that the recording of the time stamp in step 220 can be performed just before or contemporaneous with step 210. The time recorded should be some form of universal time such as Greenwich Mean Time (GMT). The time stamp has a time resolution which indicates the smallest interval of time by which the time stamp is incremented.

[0026] At step 230, a document certificate is created by server 120 using the document fingerprint produced in step 210, the time stamp produced in step 220, and a serial number. FIG. 3 illustrates a format for the serial number according to an embodiment of the present invention. The serial number can include hash 300, time stamp 310, sequence number 320 and service provider/processor number 330. Hash 300 can be, for example, hexadecimal characters from the digital fingerprint produced in step 210 or a subset thereof. For example, hash 300 can include eight of the thirty-two hexadecimal characters of a document fingerprint produced by the MD5 hashing algorithm applied in step 210. Alternatively, hash 300 can include as many as thirty-two of the hexadecimal characters from the document fingerprint produced by the MD5 hashing algorithm applied in step 210.

[0027] Time stamp 310 indicates the date and time at which the document was certified by server 120. The value of time stamp 310 corresponds to the time stamp record recorded in step 220. Time stamp 310 can include, for example, the year, month, day, hour and minute.

[0028] Sequence number 320 is a unique number serially counted by a particular server 120 for a particular time interval. Where values of time stamp 310 indicate the date and the time to, for example, the minute, sequence number 320 should have a sufficient range (number of digits) to serially count the maximum number of electronic documents which can be certified per minute.

[0029] For example, consider the case where the minimum time needed for processor 121 of server 120 to certify an electronic document is about four microseconds. The maximum number of electronic documents that can be certified in a minute is about sixteen million and, consequently, sequence number 320 should have at least six hexadecimal digits.

[0030] Service provider/processor identifier 330 is a unique string indicating a particular server 120 which distinguishes that server 120 from any other server 120 possibly connected to communication network 100. Service provider/processor identifier 330 can include a service provider indicator and a processor indicator: a portion of service provider/processor identifier 330 can indicate a particular service provider and another portion of service provider/processor identifier 330 can indicate the particular service provider's processor performing the certification described in reference to FIG. 2.

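The serial number format of FIG. 3 (hash 300, time stamp 310, sequence number 320, service provider/processor identifier 330) and the per-minute counting of paragraphs [0028] and [0029], as an added Python example that is not part of the patent. The field widths (eight hexadecimal digits of the MD5 fingerprint, a twelve-digit year-to-minute time stamp, six hexadecimal sequence digits, a four-character provider/processor identifier) and the identifier `SP01` are assumptions made for this example; the patent fixes only the first two choices.

```python
# Added example, not from the patent: building and parsing the FIG. 3 serial
# number.  Field widths below the hash component are assumptions.
import hashlib
from datetime import datetime, timezone

HASH_CHARS = 8        # hash 300: first eight hex digits of the step 210 fingerprint
TIME_STAMP_FMT = "%Y%m%d%H%M"   # time stamp 310: year, month, day, hour, minute
TIME_STAMP_CHARS = 12
SEQ_CHARS = 6         # sequence number 320: six hex digits (paragraph [0029])
PROVIDER_CHARS = 4    # service provider/processor identifier 330 (assumed width)


def sequence_digits_needed(seconds_per_certification: float) -> int:
    """Hex digits sequence number 320 needs so that every certification a
    server can perform within one minute gets a distinct count."""
    per_minute = round(60 / seconds_per_certification)
    return len(format(max(per_minute - 1, 0), "x"))


class SerialNumberIssuer:
    """One issuer per server 120: restarts the serial count every minute, so
    hash + minute + sequence + provider/processor id is unique per server."""

    def __init__(self, provider_id: str):
        if len(provider_id) != PROVIDER_CHARS:
            raise ValueError("provider/processor identifier must be %d chars" % PROVIDER_CHARS)
        self.provider_id = provider_id
        self._current_minute = None
        self._sequence = 0

    def issue(self, document: bytes, certified_at: datetime) -> str:
        """Serial number for one certification of `document` (step 230)."""
        # Step 220: the recorded time must be universal time, not local time.
        if certified_at.tzinfo is None or certified_at.utcoffset().total_seconds() != 0:
            raise ValueError("time stamp must be recorded in universal time (GMT/UTC)")
        minute = certified_at.strftime(TIME_STAMP_FMT)
        if minute != self._current_minute:      # new interval: restart the count
            self._current_minute, self._sequence = minute, 0
        if self._sequence >= 16 ** SEQ_CHARS:
            raise OverflowError("sequence number 320 exhausted for this minute")
        fingerprint = hashlib.md5(document).hexdigest()       # step 210 (32 hex)
        serial = (fingerprint[:HASH_CHARS] + minute
                  + format(self._sequence, "0%dx" % SEQ_CHARS) + self.provider_id)
        self._sequence += 1
        return serial


def parse_serial_number(serial: str) -> dict:
    """Split a serial number back into its four FIG. 3 fields."""
    i = HASH_CHARS
    j = i + TIME_STAMP_CHARS
    k = j + SEQ_CHARS
    return {"hash": serial[:i], "time_stamp": serial[i:j],
            "sequence": int(serial[j:k], 16), "provider": serial[k:]}


def demo_serials() -> list:
    """Constructed run: three certifications of the same bytes, two in one
    minute and one in the next (sample times, not from the patent)."""
    issuer = SerialNumberIssuer("SP01")
    first_minute = datetime(2025, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
    next_minute = datetime(2025, 1, 2, 3, 5, 0, tzinfo=timezone.utc)
    return [issuer.issue(b"abc", first_minute),
            issuer.issue(b"abc", first_minute),
            issuer.issue(b"abc", next_minute)]


if __name__ == "__main__":
    for s in demo_serials():
        print(s, parse_serial_number(s))
    print("hex digits for 4 us per certification:", sequence_digits_needed(4e-6))
```

With four microseconds per certification the helper returns six digits, matching paragraph [0029]; the same serial number, written as a filename, is what the search of FIG. 7 later scans.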
[0031] In alternative embodiments, the document certificate additionally can include a document name and a user-specified description. The document name can be in a format required by the operating system of the client 110 which created the electronic document and/or from where it was sent. For example, a file created in Microsoft® DOS® or Windows® operating system can have the document name of "peer.doc". The user-specified description can be text created by the user as notes about the particular electronic document: the user can, for example, describe the electronic document to provide a reminder about content for later use.

[0032] At step 240, a cryptographic hash function is applied to the document certificate created in step 230 to produce a document certificate fingerprint. The particular cryptographic hash function applied in step 240 can be the same as the cryptographic hash function applied in step 210 or a different cryptographic hash function with similar characteristics.

[0033] At step 250, the document certificate fingerprint is cryptographically signed to create a digital signature. The cryptographic signing of the document certificate fingerprint can be performed by any known public key encryption scheme such as the RSA public key encryption scheme disclosed in U.S. Patent 4,405,829 by Rivest, et al. issued on September 20, 1983 and which is incorporated herein by reference. In this case, server 120 can cryptographically sign the document certificate fingerprint using a private key to create the digital signature; subsequently, a user at client 110 can cryptographically verify the digital signature using the public key corresponding to the private key.

[0034] At step 260, the electronic document is stored in repository storage 130. Alternatively, the electronic document and the document certificate can be stored in repository storage 130.

[0035] At step 270, the document certificate and its associated digital signature are sent from the server to the user at the client. The client can store the document certificate and the digital signature, for later use to verify the contents of copies of the original electronic document as unchanged and to establish a prior date of existence via the time stamp in the document certificate. The user can distribute copies of document certificates and their associated digital signatures to others.

[0036] FIG. 4 illustrates the process by which a user can authenticate the contents of a document certificate as having been unchanged since the time of certification to ensure that the time of certification for the electronic document associated with the document certificate and the document fingerprint contained therein are authentic, according to an embodiment of the present invention. By authenticating the contents of the document certificate as being unchanged since the time of certification, a user can authenticate the date/time at which the corresponding electronic document was certified. By authenticating the contents of the document certificate as being unchanged since the time of certification, the user also can authenticate the document fingerprint contained within the document certificate to subsequently authenticate the electronic document (see, e.g., the discussion regarding FIG. 6 below).

[0037] Note that the specific user that submitted the electronic document to server 120 for certification can perform the method described in FIG. 4. Additionally, users other than the specific user who submitted the electronic document for certification can also perform the method described in FIG. 4. In either case, the specific user that submitted the electronic document to server 120 for certification need not be the user who originated (i.e., created) the electronic document.

[0038] At step 400, the user performing the certificate authentication obtains a copy of the document certificate and the digital signature. For example, the document certificate and the digital signature can be obtained from storage 114 of client 110. In the case where the user authenticating the contents of the document certificate is the party who submitted the corresponding electronic document for certification, for example, the document certificate and the digital signature may still be stored in storage 114 of client 110 after initially being provided by server 120 to the user upon completion of certification.

[0039] FIG. 5 shows an output display indicating to the user the document certificates locally stored at the client, according to an embodiment of the present invention. The output display shown in FIG. 5 indicates the time stamp, document name, description and serial number associated with each document certificate. The user can view the list and select a document certificate to be authenticated.

[0040] In alternative embodiments, the user authenticating the contents of the document certificate can be someone other than the specific user who originally submitted the corresponding electronic document for certification. In this case, the user performing authentication can receive a copy of the document certificate and the digital signature from another party, such as the specific original submitting user. The authenticating user can receive the document certificate and digital signature by, for example, electronic mail (i.e., e-mail) or by portable storage medium (e.g., a floppy disk).

[0041] At step 410, a cryptographic hash function is applied to the document certificate to produce a first document certificate fingerprint. The cryptographic hash function applied in step 410 is the same cryptographic hash function previously applied by server 120 and described in reference to step 240 of FIG. 2. To ensure that the user attempting to authenticate a document certificate uses the same cryptographic hash function used by the server when the certificate was created, the service provider associated with the server can distribute or make available application software containing the specific cryptographic hash function or must specify same.

[0042] At step 420, the digital signature obtained in step 400 is cryptographically verified (i.e., read) to produce a second document certificate fingerprint. The digital signature can be cryptographically verified using the complement of the cryptographic signing (i.e., encryption) used by server 120 in step 240 of FIG. 2. For example, where server 120 previously cryptographically signed the certificate fingerprint using a private key according to a public key encryption scheme (e.g., RSA), the user at client 110 can cryptographically verify (i.e., read) the digital signature using the public key corresponding to the private key previously used by server 120. Just as the service provider associated with the server which created the document certificate can distribute or specify the cryptographic hash function used to create the fingerprints created during certification, this service provider can make available to users the public key with which the digital signature associated with the document certificate can be read.

[0043] At conditional step 430, the first document certificate fingerprint produced in step 410 is compared to the second document certificate fingerprint derived from the digital signature associated with the document certificate. If the contents of both document certificate fingerprints are the same, then the process proceeds to step 440 where the contents of the document certificate are indicated as having been unchanged since certification (i.e., the contents of the document certificate are authentic).

[0044] At step 430, if the contents of the first document certificate fingerprint produced in step 410 are different from the second document certificate fingerprint in the document certificate, then the process proceeds to step 450 where the contents of the document certificate are indicated as not authentic (i.e., they have been changed since the time of certification). Where the contents of the document certificate are not authenticated, the document certificate and its contents have no validity.
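The sealing of the certificate on the server (steps 230, 240 and 250 of FIG. 2, paragraphs [0032] and [0033]) and its later authentication on the client (steps 410, 420 and 430 of FIG. 4, paragraphs [0041] to [0044]) share the same key pair, so both sides are shown in one added Python example that is not code from the patent. Assumptions: the certificate is serialised as canonical JSON so that server and client hash identical bytes; SHA-1 serves as the second hash function of step 240; the signature is "textbook" RSA over the fingerprint integer, which mirrors the patent's description of reading the signature with the public key to recover the fingerprint; and the key is built from two well-known Mersenne primes purely so the example runs offline. A real server generates its key with a cryptographic library and signs with a padded scheme (RSASSA-PKCS1-v1_5 or PSS), which is the one place this example deliberately simplifies.

```python
# Added example, not from the patent: server-side sealing (steps 230-250)
# and client-side authentication (steps 410-430) of a document certificate.
import hashlib
import json

# Demonstration-only RSA key from two known Mersenne primes (p = 2^89 - 1,
# q = 2^107 - 1).  n is about 196 bits, enough to hold a 160-bit SHA-1 value.
# Never use a key like this in a deployment; generate one properly instead.
DEMO_P = 2 ** 89 - 1
DEMO_Q = 2 ** 107 - 1
DEMO_N = DEMO_P * DEMO_Q
DEMO_E = 65537
DEMO_D = pow(DEMO_E, -1, (DEMO_P - 1) * (DEMO_Q - 1))   # private exponent (Python 3.8+)


def encode_certificate(fields: dict) -> bytes:
    """Canonical byte form of the certificate (assumed format) so the server
    at step 240 and the client at step 410 hash exactly the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def certificate_fingerprint(certificate: bytes) -> str:
    """Step 240 / step 410: second hash function over the certificate."""
    return hashlib.sha1(certificate).hexdigest()


def sign_fingerprint(fingerprint_hex: str, d: int = DEMO_D, n: int = DEMO_N) -> int:
    """Step 250: seal the certificate fingerprint with the private key."""
    return pow(int(fingerprint_hex, 16), d, n)


def recover_fingerprint(signature: int, e: int = DEMO_E, n: int = DEMO_N) -> str:
    """Step 420: read the signature with the public key; yields the second
    document certificate fingerprint as 40 hex digits."""
    return format(pow(signature, e, n), "040x")


def certify(document: bytes, serial_number: str, time_stamp: str):
    """Server side: step 210 fingerprint, step 230 certificate, steps 240/250
    seal.  Returns (certificate bytes, signature) as sent at step 270."""
    fields = {"fingerprint": hashlib.md5(document).hexdigest(),
              "time_stamp": time_stamp,
              "serial_number": serial_number}
    certificate = encode_certificate(fields)
    return certificate, sign_fingerprint(certificate_fingerprint(certificate))


def certificate_is_authentic(certificate: bytes, signature: int) -> bool:
    """Client side, FIG. 4: hash the certificate in hand (410), read the
    signature (420) and compare the two fingerprints (430)."""
    return certificate_fingerprint(certificate) == recover_fingerprint(signature)


def demo():
    """Constructed run: a sealed certificate passes; a copy whose time stamp
    field was altered after sealing is rejected (step 450)."""
    document = b"Constructed sample document for the certification example.\n"
    certificate, signature = certify(document, "SERIAL-PLACEHOLDER", "200001011200")
    fields = json.loads(certificate)
    fields["time_stamp"] = "199901011200"          # altered copy of the certificate
    altered = encode_certificate(fields)
    return certificate_is_authentic(certificate, signature), certificate_is_authentic(altered, signature)


if __name__ == "__main__":
    ok, altered_ok = demo()
    print("original certificate authentic:", ok)
    print("altered certificate authentic: ", altered_ok)
```

Note what the check proves and what it does not: a matching fingerprint at step 430 shows the certificate bytes are the ones the server sealed, so the time stamp and the document fingerprint inside it can be trusted; whether the document in hand matches that fingerprint is the separate comparison of FIG. 6.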

[0045] FIG. 6 illustrates a process by which a user can authenticate the contents of a particular electronic document as having been unchanged, according to an embodiment of the present invention. The process described in FIG. 6 is premised on the assumptions that the user at client 110 knows a document certificate corresponding to the particular electronic document exists, that the contents of the document certificate are authentic (see, e.g., the discussion above regarding FIG. 4) and that the document certificate is stored at client 110. Note that the process described in FIG. 6 can be performed by the user who submitted the electronic document for certification or by other users.

[0046] At step 600, the user at client 110 obtains a copy of the electronic document and the corresponding document certificate having a first document fingerprint. This can be performed in a number of ways. For example, the user may have retained an unchanged copy of the electronic document since it was submitted for certification and/or the user also may have retained an unchanged copy of the document certificate since provided by server 120 at the time of certification.

[0047] Alternatively, a user can request server 120 to provide the user at client 110 a copy of the electronic document and/or the corresponding document certificate; server 120 can retrieve the electronic document and/or the corresponding document certificate from repository storage 130 and forward them to the user at client 110. Presumably, server 120 will only forward an electronic document and/or the corresponding document certificate to the user who originally submitted the electronic document for certification by server 120 or to another user authorized by the user who originally submitted the document. This selective forwarding can be accomplished through the use of passwords, for example, whereby server 120 identifies the specific user requesting forwarding.

[0048] In alternative embodiments, the user can receive the electronic document, the corresponding document certificate and its associated digital signature by, for example, electronic mail (i.e., e-mail) or by portable storage medium (e.g., a floppy disk). For example, a user who originally submitted the electronic document can forward the electronic document, the corresponding document certificate and its associated digital signature to a second user. The second user can use a locally resident copy of the user application instructions to separately authenticate the contents of the electronic document. The second user can further distribute copies of the document, the document certificate and its associated digital signature.

[0049] Before proceeding, the user uses the method of FIG. 4 to establish the authenticity of the document certificate in hand. When the method of FIG. 4 indicates that the contents of the document certificate are authentic, the user continues with step 610.

[0050] At step 610, a cryptographic hash function is applied to the copy of the electronic document to be authenticated to produce a second document fingerprint. The cryptographic hash function applied in step 610 is the same cryptographic hash function previously applied by server 120 and described in reference to step 210 of FIG. 2.

[0051] At conditional step 620, the first document fingerprint obtained in step 600 is compared to the second document fingerprint produced in step 610. If the first document fingerprint matches the second document fingerprint, then the process proceeds to step 630 where the contents of the electronic document are indicated as having been unchanged since certification (i.e., the contents of the electronic document are authentic).

[0052] If, however, the first document fingerprint does not match the second document fingerprint, then the process proceeds to step 640 where the contents of the electronic document are indicated as being changed (i.e., the contents of the electronic document are not authentic). Because the process described in FIG. 6 is premised on the assumption that the user at client 110 knows a document certificate for the corresponding electronic document exists and is stored at client 110, the first document fingerprint will not match the second document fingerprint only when the contents of the electronic document have been changed (intentionally or unintentionally).

[0053] FIG. 7 illustrates a process by which a user can authenticate the contents of the electronic document as having been unchanged, according to another embodiment of the present invention. The process described in reference to FIG. 7 is applicable where the user cannot establish that the corresponding document certificate is locally stored in local storage 114 at the client 110. Not only may the user be unable to establish that a corresponding document certificate is locally stored, the user may not know whether the electronic document has been previously certified.

[0054] In an alternative embodiment, document certificates can be maintained in a public or controlled access database connected to communication network 100. A user can create a document fingerprint and then search the directory of the public or controlled access database to find a matching document fingerprint. If a match is found, the user can thereby establish that the document in the user's possession is an authentic copy of some original which was previously certified on the date indicated by the document certificate. Depending on other information which can be stored with the document fingerprint in the public or controlled access directory, the user can learn more about the document in the user's possession.

[0055] At step 700, the user at client 110 obtains a copy of the electronic document whose contents are to be authenticated. As just discussed, the user cannot yet establish whether the corresponding document certificate is locally stored at client 110.

[0056] At step 710, a cryptographic hash function is applied to the electronic document to produce a first document fingerprint. The cryptographic hash function applied in step 710 is the same cryptographic hash function previously applied by server 120 and described in reference to step 210 of FIG. 2.

[0057] At step 720, for each document certificate locally resident at local storage 114 of client 110, the value of the hash component (e.g. hash 300 in FIG. 3) of the serial number for the document certificate is obtained.
EP 0 940 945 A2
Note that each document certificate includes its own second document fingerprint which can be compared to the first document fingerprint produced at step 710. As FIG. 5 illustrates for one embodiment, each document certificate filename comprises the document certificate serial number beginning with eight hexadecimal digits which equal the first eight hexadecimal digits of the document fingerprint contained within the document certificate. In alternative embodiments, a greater or fewer number of digits of the document fingerprint can be used in the serial number and, consequently, obtained at step 720. By including in the filename of each document certificate some subset of the document fingerprint contained in the document certificate, the filenames of the resident document certificates (of which there may be thousands) or a public or controlled-access database of document certificates (of which there may be thousands) can be scanned simply and efficiently in search of a match with the fingerprint computed from the document to be authenticated. This method for naming the document certificates obviates the need to open each document certificate file to check for the existence of a match.

[0058] At conditional step 730, the value of the hash component (e.g. hash 300 in FIG. 3) of the serial number for the document certificate is compared to the corresponding portion of the first document fingerprint produced in step 710. For example, where the value of hash 300 is the first eight hexadecimal digits of the document fingerprint previously produced by server 120 (see step 210 of FIG. 2), the corresponding first eight hexadecimal digits of the document fingerprint produced in step 710 are compared. If no match results from cycling through all document certificates in the local storage 114, or in some public or controlled-access database, the process proceeds to step 740 where it is indicated that authenticity cannot be established. If the portions of the document fingerprints match, then the process proceeds to conditional step 750.

[0059] Note that even though authenticity of the contents of the electronic document cannot be established in step 740 of FIG. 7, the document may still be an authentic copy of some original. Failing to establish authenticity simply indicates that the document certificate corresponding to that original may not be present in the local storage 114 or in any other database(s) which were searched.

[0060] At conditional step 750, for each match resulting from conditional step 730, the corresponding second document fingerprint included in the document certificate associated with the matched serial number is compared to the first document fingerprint produced in step 710. In other words, each matched serial number has a corresponding document certificate which includes the full document fingerprint: at conditional step 750, this full document fingerprint is compared to the document fingerprint produced in step 710. Note that for step 750 to be valid, the authenticity of the contents of the document certificate should have been previously established using the process of FIG. 4.
[0061] If the first document fingerprint does not match any of the second document fingerprints (i.e., the full document fingerprint associated with the matched serial number), then the process proceeds to step 740 where it is indicated that the contents of the electronic document cannot be shown to be authentic.

[0062] If the first document fingerprint matches the second document fingerprint (i.e., the full document fingerprint associated with the matched serial number), then the process proceeds to step 760. At step 760, the contents of the electronic document are indicated as having been unchanged since certification (i.e., the contents of the electronic document are authentic).
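The search of FIG. 7 (steps 710 to 760, paragraphs [0057] to [0062]) as an added Go example; this is illustration code written for this page, not code from the patent or from any product implementing it. It assumes certificates are held in memory as a slice, each with a filename that begins with the first eight hexadecimal digits of its document fingerprint (FIG. 5); the filename layout prefix-timestamp-sequence is a constructed rendering of the serial number of claim 4; and SHA-256 stands in for the MD5 named in claim 8, since MD5 no longer provides the collision resistance claim 7 calls for. The FIG. 4 check of the certificate's own authenticity, which [0060] requires before step 750 is meaningful, is assumed to have been done already and is not repeated here.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Certificate carries the parts of the document certificate (FIG. 3) that
// the FIG. 7 search needs: the full document fingerprint it contains and the
// serial-number filename it is stored under (FIG. 5), which begins with the
// first prefixLen hex digits of that fingerprint.
type Certificate struct {
	Filename    string
	Fingerprint string
	TimeStamp   string
}

// prefixLen is the number of leading fingerprint digits placed in the filename.
const prefixLen = 8

// Result is the outcome of the search: step 740 or step 760 of FIG. 7.
type Result int

const (
	NotEstablished Result = iota // step 740: authenticity cannot be established
	Authentic                    // step 760: contents unchanged since certification
)

// fingerprint computes the document fingerprint (step 210 / step 710).
// Assumption: SHA-256 instead of the MD5 of claim 8 (see lead-in).
func fingerprint(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// makeCert builds the certificate the server of FIG. 2 would issue for doc.
// The filename layout (prefix-timestamp-sequence) is a constructed example
// of the serial number of claim 4, not the page's exact format.
func makeCert(doc []byte, ts string, seq int) Certificate {
	fp := fingerprint(doc)
	return Certificate{
		Filename:    fmt.Sprintf("%s-%s-%04d.cert", fp[:prefixLen], ts, seq),
		Fingerprint: fp,
		TimeStamp:   ts,
	}
}

// authenticate runs steps 710 to 760 of FIG. 7 over a store of certificates.
// Step 730 compares only the filename prefix, so no certificate is opened
// unless its prefix matches; step 750 then compares the full fingerprint of
// each prefix match, because a prefix match alone proves nothing.
func authenticate(doc []byte, store []Certificate) (Result, *Certificate) {
	first := fingerprint(doc) // step 710
	prefix := first[:prefixLen]
	for i := range store {
		c := &store[i]
		if !strings.HasPrefix(c.Filename, prefix) { // step 730: no match, next file
			continue
		}
		if c.Fingerprint == first { // step 750: full fingerprint comparison
			return Authentic, c // step 760
		}
	}
	return NotEstablished, nil // step 740 (from step 730 or step 750)
}

func main() {
	// Constructed sample store: one unrelated certificate and one for doc.
	doc := []byte("constructed sample document\n")
	store := []Certificate{
		makeCert([]byte("another certified document\n"), "19980101T120000Z", 1),
		makeCert(doc, "19980102T090000Z", 7),
	}
	if r, c := authenticate(doc, store); r == Authentic {
		fmt.Printf("authentic copy of a document certified %s (%s)\n", c.TimeStamp, c.Filename)
	} else {
		fmt.Println("authenticity cannot be established")
	}
}
```

The prefix comparison at step 730 only selects candidates; a certificate whose filename happens to share the eight-digit prefix but carries a different full fingerprint is rejected at step 750, so authenticate never reports Authentic on a prefix match alone, and a document with no certificate in the store ends at step 740 exactly as [0059] describes, without any claim that it is inauthentic.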

[0063] It should, of course, be understood that while the present invention has been described in reference to particular system configurations and processes, other system configurations and processes should be apparent to those of ordinary skill in the art. For example, the present invention can include any number of clients and servers, and be connected to a telecommunication network or combination of telecommunication networks.

Claims 

1. A method for certifying and preserving an electronic document, comprising:

(a) applying a first cryptographic hash function to the electronic document to produce a document fingerprint;

(b) applying a second cryptographic hash function to a document certificate which includes the document fingerprint, a time stamp, and a serial number to produce a document certificate fingerprint;

(c) cryptographically signing the certificate fingerprint to produce a digital signature; and

(d) storing the electronic document.

2. The method of claim 1, wherein the serial number includes at least a portion of the document fingerprint produced in step (a).

3. The method of claim 1, wherein the serial number 
includes at least a portion of the document finger- 
print produced in step (a) and the time stamp. 

4. The method of claim 1, wherein the serial number includes at least a portion of the document fingerprint produced in step (a), the time stamp, and a sequence number.

5. The method of claim 1, wherein the serial number 
is used as a filename for the document certificate. 
6. The method of claim 1, wherein the serial number includes at least a portion of the document fingerprint produced in step (a), the time stamp having a time resolution, a sequence number reset every time resolution and a service identifier indicating a processor used by a service provider.

7. The method of claim 1, wherein:

the first cryptographic hash function applied in 
step (a) is a collision resistant hash function, 
the second cryptographic hash function applied 
in step (b) is a collision resistant hash function, 
and 

the cryptographic signing in step (c) uses a pub- 
lic-key encryption scheme including a private 
key for cryptographic signing and its associated 
public key for cryptographic verifying. 

8. The method of claim 1, wherein:

the first cryptographic hash function applied in 
step (a) is a MD5 hash function, 
the second cryptographic hash function applied 
in step (b) is a MD5 hash function, and 
the cryptographic signing in step (c) uses an 
RSA public-key encryption scheme including 
an RSA private key for cryptographic signing 
and its associated RSA public key for crypto- 
graphic verifying. 

9. The method of claim 1, further comprising:

(e) applying a third cryptographic hash function to the electronic document to produce a second document fingerprint;

the serial number including at least a portion of the first document fingerprint produced in step (a) and at least a portion of the second document fingerprint produced in step (e).

10. The method of claim 1, further comprising:

(e) applying a third cryptographic hash function to the electronic document to produce a second document fingerprint, the third cryptographic hash function being the SHA-1 hash function;

the serial number including at least a portion of the first document fingerprint produced in step (a) and at least a portion of the second document fingerprint produced in step (e).

11. The method of claim 1, wherein the storing step (d)
further includes storing the document certificate 
and its associated digital signature. 



12. The method of claim 1, further comprising:

(e) sending to the user the document certificate stored in said storing step (d) and the digital signature.

13. The method of claim 1, further comprising:

(e) deleting the electronic document stored in said storing step (d).

14. A method for retrieving and authenticating an electronic document, comprising:

(a) obtaining the electronic document, a document certificate associated with the electronic document and having a first document fingerprint, and a digital signature associated with the document certificate;

(b) applying a first cryptographic hash function to the document certificate to produce a first document certificate fingerprint;

(c) cryptographically verifying the digital signature to produce a second document certificate fingerprint;

(d) indicating, when the first document certificate fingerprint matches the second document certificate fingerprint, that the first document fingerprint and the certification time associated with the document certificate are authentic;

(e) applying a second cryptographic hash function to the electronic document to produce a second document fingerprint; and

(f) indicating, when the first document fingerprint matches the second document fingerprint, that the contents of the electronic document are authentic.

15. The method of claim 14, further comprising:

(g) sending a request to a server for the electronic document and the document certificate associated with the electronic document.

16. The method of claim 14, wherein said indicating step (f) includes:

(i) comparing a hash value of a serial number included in a filename of the document certificate with a corresponding portion of the second document fingerprint;

(ii) comparing, when the hash value and the corresponding portion of the second document fingerprint compared in step (f)(i) match, the first document fingerprint of the document certificate with the second document fingerprint.

17. The method of claim 14, wherein said indicating step (f) includes:

(i) comparing the second document fingerprint with a plurality of filenames, each filename corresponding to one document certificate from a plurality of document certificates, each filename including a hash value component of a serial number associated with its document certificate; and

(ii) comparing, when the hash value component 
of at least one filename from the plurality of 
filenames matches a corresponding portion of 
the second document fingerprint compared in 
step (f)(i), the first document fingerprint of the 
document certificate with the second document 
fingerprint. 

18. The method of claim 14, wherein said indicating 
step (f) includes: 

(i) comparing the second document fingerprint with a plurality of filenames, each filename corresponding to one document certificate from a plurality of document certificates, each filename beginning with a portion of the first document fingerprint; and

(ii) comparing, when the hash value component 
of at least one filename from the plurality of 
filenames matches a corresponding portion of 
the second document fingerprint compared in 
step (f)(i), the first document fingerprint of the 
document certificate with the second document 
fingerprint. 

19. The method of claim 14, wherein:

the first cryptographic hash function applied in step (b) is a collision resistant hash function,
the second cryptographic hash function applied in step (e) is a collision resistant hash function, and

the cryptographic verifying in step (c) uses a 
public-key encryption scheme including a pri- 
vate key for cryptographic signing and its asso- 
ciated public key for cryptographic verifying. 

20. The method of claim 14, wherein:

the first cryptographic hash function applied in 
step (b) is a MD5 hash function, 
the second cryptographic hash function applied 
in step (e) is a MD5 hash function, and 
the cryptographic verifying in step (c) uses an 
RSA public-key encryption scheme including 
an RSA private key for cryptographic signing 
and its associated RSA public key for crypto- 
graphic verifying. 



21. The method of claim 14, further comprising:

(g) applying a third cryptographic hash function to the electronic document to produce a third document fingerprint;

the serial number including at least a portion of the second document fingerprint produced in step (e) and at least a portion of the third document fingerprint produced in step (g).

22. The method of claim 14, further comprising:

(g) applying a third cryptographic hash function to the electronic document to produce a second document fingerprint, the third cryptographic hash function being the SHA-1 hash function;

the serial number including at least a portion of the second document fingerprint produced in step (e) and at least a portion of the third document fingerprint produced in step (g).

23. The method of claim 14, wherein the electronic document, the document certificate and the digital signature obtained in step (a) are obtained from local storage.

24. The method of claim 14, wherein the electronic document, the document certificate and the digital signature obtained in step (a) are obtained from a service provider, who originally certified the electronic document, through a communication network.

25. The method of claim 14, wherein the electronic document, the document certificate and the digital signature obtained in step (a) are obtained from a remote party through a communication network using electronic mail.

26. The method of claim 14, wherein the electronic document, the document certificate and the digital signature obtained in step (a) are obtained from a remote party through portable medium.

27. A method for determining whether an electronic document is an authentic copy based on a plurality of document certificates each having its own document fingerprint, comprising:

(a) applying a cryptographic hash function to the electronic document to produce a first document fingerprint;

(b) comparing the first document fingerprint to the document fingerprint of at least one document certificate from the plurality of document certificates; and

(c) indicating, when the first document fingerprint matches the document fingerprint of the at least one document certificate from the plurality of document certificates, that the electronic document is an authentic copy of the electronic document associated with the at least one document certificate.

28. The method of claim 27, wherein the plurality of document certificates are stored on a publicly accessible database.

29. The method of claim 27, wherein the plurality of document certificates are stored on a limited access database.
</gr_replreplace>
<gr_replace lines="1159-1195" cat="clarify" orig="30. A method">
30. A method for determining whether a candidate electronic document is an authentic copy of an original electronic document using a document certificate associated with the original electronic document, comprising:

(a) obtaining the candidate electronic document, the document certificate associated with the candidate electronic document and having a first document fingerprint, and a digital signature associated with the document certificate;

(b) applying a first cryptographic hash function to the document certificate to produce a first document certificate fingerprint;

(c) cryptographically verifying the digital signature to produce a second document certificate fingerprint;

(d) indicating, when the first document certificate fingerprint matches the second document certificate fingerprint, that the first document fingerprint and the certification time associated with the document certificate are authentic;

(e) applying a second cryptographic hash function to the candidate electronic document to produce a second document fingerprint; and

(f) indicating, when the first document fingerprint matches the second document fingerprint contained within the document certificate, that the candidate electronic document is the authentic copy of the original electronic document.

30. A method for determining whether a candidate elec- 
tronic document is an authenticate copy of an orig- 
inal electronic document using a document certifi- 
cate associated with the original electronic docu- 
ment, comprising; 20 

(a) obtaining the candidate electronic docu- 
ment, the document certificate associated with 
the candidate electronic document and having 

a first document fingerprint, and a digital signa- 25 
ture associated with the document certificate: 

(b) applying a first cryptographic hash function 
to the document certificate to produce a first 
document certificate fingerprint; 

(c) cryptographically verifying the digital signa- 30 
ture to produce a second document certificate 
fingerprint: 

(d) indicating, when the first document certifi- 
cate fingerprint matches the second document 
certificate fingerprint, that the first document 
fingerprint and the certification time associated 
with the document certificate are authentic: 

(e) applying a second cryptographic hash func- 
tion to the candidate electronic document to 
produce a second document fingerprint: and ■*<> 

(f) indicating, when the first document finger- 
print matches the second document fingerprint 
contained within the document certificate., that 
the candidate electronic document is the au- 
thentic copy of the original electronic docu- 45 
ment. 

31. An apparatus for certifying and preserving an electronic document, comprising:

a processor;

a first memory connected to said processor, said first memory storing the electronic document and storing a plurality of instructions adapted to be executed by said processor to:

(a) apply a first cryptographic hash function to the electronic document to produce a document fingerprint;

(b) apply a second cryptographic hash function to a document certificate which includes the document fingerprint, a time stamp, and a serial number to produce a document certificate fingerprint;

(c) cryptographically sign the certificate fingerprint to produce a digital signature; and

(d) store the electronic document in said memory.

32. An apparatus for certifying and preserving an electronic document, comprising:

means for applying a first cryptographic hash function to the electronic document to produce a document fingerprint;

means for applying a second cryptographic hash function to a document certificate which includes the document fingerprint, a time stamp, and a serial number to produce a document certificate fingerprint;

means for cryptographically signing the certificate fingerprint to produce a digital signature; and

means for storing the electronic document.

33. An apparatus for certifying and preserving an electronic document to enable a user to subsequently authenticate contents of and certification date of the electronic document, comprising:

a processor; and

a memory connected to said processor, said memory storing a plurality of instructions adapted to be executed by said processor to:

(a) obtain the electronic document, a document certificate associated with the electronic document and having a first document fingerprint, and a digital signature associated with the document certificate;

(b) apply a first cryptographic hash function to the document certificate to produce a first document certificate fingerprint;

(c) cryptographically verify the digital signature to produce a second document certificate fingerprint; and

(d) indicate, when the first document certificate fingerprint matches the second document certificate fingerprint, that the first document fingerprint and the certification time associated with the document certificate are authentic;

(e) apply a second cryptographic hash function to the electronic document to produce a second document fingerprint;

(f) indicate, when the first document fingerprint matches the second document fingerprint, that the contents of the electronic document are authentic.
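Claims 1 and 14 (and the flowcharts of FIG. 2 and FIG. 4) describe the two halves of the scheme: the server hashes the document, builds a certificate from fingerprint, time stamp and serial number, hashes the certificate and signs that hash; the client re-hashes the certificate, verifies the signature, and only then trusts the fingerprint the certificate contains. The following Go program is an added example written for this page, not code from the patent or from any product built on it. It uses RSA PKCS#1 v1.5 signatures from Go's standard library, SHA-256 where claim 8 names MD5 (claim 7 asks for collision resistance, which MD5 no longer has), a constructed text encoding of the certificate, and the serial-number layout of claim 4 rendered as prefix-timestamp-sequence; the encoding, the key size and the error names are assumptions of this example, not details the page specifies.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Certificate is the document certificate of claim 1(b): the document
// fingerprint, a time stamp and a serial number. The serial number is the
// constructed form "fingerprint prefix-time stamp-sequence" of claim 4.
type Certificate struct {
	Fingerprint string
	TimeStamp   string
	Serial      string
}

// Encode serialises the certificate deterministically so the client hashes
// exactly the bytes the server signed (claim 14(b) must reproduce claim 1(b)).
// The text layout is an assumption of this example.
func (c Certificate) Encode() []byte {
	return []byte(fmt.Sprintf("fingerprint=%s\ntimestamp=%s\nserial=%s\n",
		c.Fingerprint, c.TimeStamp, c.Serial))
}

// fingerprint is the document fingerprint function (assumption: SHA-256
// instead of the MD5 of claim 8; see the lead-in).
func fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// newKey generates the service's RSA signing key. A fresh key per run is
// enough for this example; a real service would load a long-term key.
func newKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// Certify performs claim 1 steps (a) to (c) on the server side and returns
// the certificate and digital signature sent to the client (claim 12).
// Step (d), storing the document, is the caller's repository concern.
func Certify(priv *rsa.PrivateKey, doc []byte, ts string, seq int) (Certificate, []byte, error) {
	fp := fingerprint(doc) // (a)
	cert := Certificate{
		Fingerprint: fp,
		TimeStamp:   ts,
		Serial:      fmt.Sprintf("%s-%s-%04d", fp[:8], ts, seq),
	}
	certFp := sha256.Sum256(cert.Encode())                                    // (b)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, certFp[:]) // (c)
	return cert, sig, err
}

var (
	// ErrCertificate: claim 14(d) not satisfied; the certificate's fingerprint
	// and time stamp cannot be trusted, so the document is not even compared.
	ErrCertificate = errors.New("document certificate is not authentic")
	// ErrContents: claim 14(f) not satisfied; the certificate is genuine but
	// the document in hand differs from the one that was certified.
	ErrContents = errors.New("document contents do not match the certificate")
)

// Verify performs claim 14 steps (b) to (f) on the client side. The
// certificate's signature is checked before its fingerprint is trusted, as
// paragraph [0060] requires; the two errors tell the user which check failed.
func Verify(pub *rsa.PublicKey, doc []byte, cert Certificate, sig []byte) error {
	certFp := sha256.Sum256(cert.Encode()) // (b)
	// (c)+(d): Go's verifier recomputes the padded hash and compares it
	// internally instead of handing back the recovered second fingerprint.
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, certFp[:], sig); err != nil {
		return ErrCertificate
	}
	if fingerprint(doc) != cert.Fingerprint { // (e)+(f)
		return ErrContents
	}
	return nil
}

func main() {
	priv := newKey()
	doc := []byte("constructed sample document\n") // constructed sample input
	cert, sig, err := Certify(priv, doc, "19980102T090000Z", 7)
	if err != nil {
		panic(err)
	}
	fmt.Println("serial:         ", cert.Serial)
	fmt.Println("verify original:", Verify(&priv.PublicKey, doc, cert, sig))
	fmt.Println("verify altered: ", Verify(&priv.PublicKey, []byte("altered\n"), cert, sig))
}
```

Two properties of the claims show up directly in the code: the signature covers the hash of the whole certificate, so changing the time stamp or serial number after the fact breaks verification at step (d) even though the fingerprint field is untouched, and a document whose contents changed fails only at step (f), which is what lets the client report a genuine certificate for a different document rather than a forged certificate.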
FIG. 2 (flowchart; box text as extracted):

RECEIVE AN ELECTRONIC DOCUMENT FROM THE CLIENT AT THE SERVER
APPLY A CRYPTOGRAPHIC HASH FUNCTION TO THE ELECTRONIC DOCUMENT TO PRODUCE A DOCUMENT FINGERPRINT
RECORD A TIME STAMP
CREATE A DOCUMENT CERTIFICATE USING THE DOCUMENT FINGERPRINT, THE TIME STAMP, AND A SERIAL NUMBER
APPLY A CRYPTOGRAPHIC HASH FUNCTION TO THE DOCUMENT CERTIFICATE TO PRODUCE A DOCUMENT CERTIFICATE FINGERPRINT
CRYPTOGRAPHICALLY SIGN THE DOCUMENT CERTIFICATE FINGERPRINT TO CREATE A DIGITAL SIGNATURE
STORE THE ELECTRONIC DOCUMENT IN REPOSITORY STORAGE
SEND THE DOCUMENT CERTIFICATE AND DIGITAL SIGNATURE FROM THE SERVER TO THE CLIENT

FIG. 3
FIG. 4 (flowchart; box text as extracted):

400: OBTAIN AT THE CLIENT A COPY OF THE DOCUMENT CERTIFICATE AND DIGITAL SIGNATURE
410: APPLY A CRYPTOGRAPHIC HASH FUNCTION TO THE DOCUMENT CERTIFICATE TO PRODUCE A FIRST DOCUMENT CERTIFICATE FINGERPRINT
420: CRYPTOGRAPHICALLY VERIFY THE DIGITAL SIGNATURE TO PRODUCE A SECOND DOCUMENT CERTIFICATE FINGERPRINT
DOES THE FIRST DOCUMENT CERTIFICATE FINGERPRINT MATCH THE SECOND DOCUMENT CERTIFICATE FINGERPRINT?
NO: INDICATE THE CONTENTS OF THE DOCUMENT CERTIFICATE ARE NOT AUTHENTIC

(flowchart continues; box text as extracted):

OBTAIN AT THE CLIENT A COPY OF THE ELECTRONIC DOCUMENT AND THE CORRESPONDING DOCUMENT CERTIFICATE HAVING A FIRST DOCUMENT FINGERPRINT
APPLY A CRYPTOGRAPHIC HASH FUNCTION TO THE ELECTRONIC DOCUMENT TO PRODUCE A SECOND DOCUMENT FINGERPRINT
DOES THE FIRST DOCUMENT FINGERPRINT MATCH THE SECOND DOCUMENT FINGERPRINT?
YES: INDICATE THE CONTENTS OF THE ELECTRONIC DOCUMENT ARE AUTHENTIC
NO: INDICATE THE CONTENTS OF THE ELECTRONIC DOCUMENT ARE NOT AUTHENTIC
FIG. 7 (flowchart; box text as extracted):

700: OBTAIN AT THE CLIENT A COPY OF THE ELECTRONIC DOCUMENT WHERE CANNOT ESTABLISH THE CORRESPONDING DOCUMENT CERTIFICATE BEING RESIDENT AT THE CLIENT
APPLY A CRYPTOGRAPHIC HASH FUNCTION TO THE ELECTRONIC DOCUMENT TO PRODUCE A FIRST DOCUMENT FINGERPRINT
DOES THE HASH VALUE MATCH THE CORRESPONDING PORTION OF THE FIRST DOCUMENT FINGERPRINT?
YES: FOR EACH MATCH, DOES THE SECOND DOCUMENT FINGERPRINT MATCH THE FIRST DOCUMENT FINGERPRINT?
YES: INDICATE THE CONTENTS OF THE ELECTRONIC DOCUMENT ARE AUTHENTIC
NO (from either comparison), 740: INDICATE THAT AUTHENTICITY OF THE CONTENTS OF THE ELECTRONIC DOCUMENT CANNOT BE ESTABLISHED